这个讨论区是专为正在复习CISSP的考生准备的。

首期讨论的话题是CISSP的第一个DOMAIN：

LOGICALACCESS CONTROL:

我先抛砖引玉一下：

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system.

The CISSP students should fully understand access control concepts, methodologies, and implementation within centralized and decentralized environments across the entire Enterprise. Access control techniques, detection and corrective measures should be studied to understand the potential risks, vulnerabilities, and exposures.

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It permits management to specify what users can do, which resources they can access, and what operations they can perform on a system.

The CISSP students should fully understand access control concepts, methodologies, and implementation within centralized and decentralized environments across the entire Enterprise. Access control techniques, detection and corrective measures should be studied to understand the potential risks, vulnerabilities, and exposures.

下一个贴子更丰富

DOMAIN ONE: Logical Access Control完全笔记

辛苦了，版主

I'm a CISSP in china. my cert id 33435 . I just got my CISSP in June,2002. I took the EXAM on May,2002 in shenzhen,china. my experience is that when taking the EXAM, u should pay more attention on Risk Assessment and Configuration/Change Management.
btw, if u English is not good enough, it is hard to pass the EXAM.

CISSP在香港挺多的， 但大陆里基本上是空白。

我认为CISA和CISSP是信息系统发展到一定阶段的产物。当一个公司的战略发展和组织结构和信息系统结合得越来越紧密的时候，也就是信息系统的发展战略是公司发展战略的一部分的时候，才是CISA和CISSP真正大有作为的时候。由于我国信息系统的发展状况，应该到了CISA和CISSP登场的时候。我认为这类辅导会慢慢多起来。不过你可以先动起来。

my experience is that if u have the sense, cissp is easy for u.